Slashdot Mirror
8 Ways To Circumvent the PROTECT-IP Act
Dangerous_Minds writes "One of the things that the PROTECT-IP act is said to do is make DNS servers censor websites that have been accused of copyright infringement. Drew Wilson of ZeroPaid decided to look in to how many ways he could come up with that would circumvent such censorship. He found 8 ways to circumvent such censorship. The article includes pros and cons and links to guides on how to carry out these methods. The methods are: using a VPN service, using your HOSTs file, using TOR, using freely available DNS lookup tools, changing your DNS server to a non-US server, using command prompt, using Foxy Proxy, and using MAFIAAFire. If anything, the list raises serious doubts that the PROTECT IP Act will even put a dent on copyright infringement online."
Best idea: Don't use DNS servers located in the United States.
I mean, at the rate our country's going, it won't be long before other countries just start walling us in. Not out. In. "Those 'mericans are craaaazy. They think they own this shit. Well, this here is mah router, and this here is mah website, and those yankee bastards can eat a bag of dicks."
Progress: It's gonna happen, whether Uncle Sam wants it or not.
#fuckbeta #iamslashdot #dicemustdie
"One of the things that the PROTECT-IP act is said to do is make DNS servers censor websites that have been accused of copyright infringement. Drew Wilson ... found 8 ways to circumvent such censorship. ... If anything, the list raises serious doubts that the PROTECT IP Act will even put a dent on copyright infringement online."
Think of our legislators as black hats, poking holes in our network infrastructure because they are malicious pricks, or getting paid, or both, but the end result is that we learn how to make the network resistant to their attacks. In a way, they perform an important function. Sure, we all prefer white hats, but the black hats are out there, in congress, running major corporations, and even in the White House. Nothing is going to change that, so we must secure our network from the threat they represent.
Stop-Prism.org: Opt Out of Surveillance
Run your own recursive DNS resolver with DNSSEC validation. I recommend Unbound, because it's easy to set up and it runs on Windows and Linux.
Granted, it is technically still possible to censor your results by intercepting your DNS packets, but if implementations of DNS censorship in other countries are any indication, running your own resolver works nicely.
Excuse me? Don't be so quick to tie workarounds to illegal behavior. Even if you never visit a censored web site, you should change your setup to render DNS censorship ineffective. It is important to keep the tools of censorship dull, or we'll see the day when they're used against our freedom!
Legislation, even in a more dictatorial environment like China's is invariably slow and misinformed regarding technology. The delusion of those who think themselves in power can be stated in one sentence, "We think the internet is controllable."
And it is, sometimes, for a while.
More so in China where fewer wish to rock the boat (for the moment), but censorship is a complete fail in countries like the USA and Russia or the former Eastern Bloc countries. Too many unhappy, unemployed, poor engineers. Articles like this one point out just how futile and absurd such efforts are.
Information may not want to be free, but *people* sure are nosy bastards. You can bet they'll work around anything throw in their path, even if means going back to exchanging CDs, tapes or paper.
Please do not read this sig. Thank you.
In Denmark all the ISPs block The Pirate Bay. I've tried to get around it, turns out it's implemented using DNS, which a retarded chimpanse could circumvent.
The problem is it sounds good on paper. Blocking access to the sites like that gets most of the n00b people away to alternatives, but if you have any technical skill you can get around it. The alternative is some form of deep packet inspection, and no ISP wants that.
I can't see how the blocking makes any sense. It is not impacting piracy whatsoever. Every blocked site has alternatives, and they too will need to be blocked. At some point they will be, but only to give birth to even more alternatives. One buys an internet connection, and that should come without restrictions. It's like selling a car and trying to prevent the driver visiting some foobar number of places.
It doesn't matter what laws they have in place or the methods they use. We'll simply find ways around it. It's really quite silly, they're attempting to hold onto a system that's morally flawed and very nearly outdated by fighting a large number of talented tech saavy people on the internet. They'd have better luck trying to call the internet police on the trolls at 4chan.
Don't use domain names. The abstraction may be convenient, it may be useful, but it isn't strictly necessary. The IP address works just fine.
http://216.34.181.45/ gets you to Slashdot with no DNS involvement.
Of course, the question is now around that missing abstraction. Do you trust me? Is that really Slashdot's address? Is it a rick-roll, a goatse, or a virus-laden fake? What most people don't consider is just how much they trust their DNS providers, but they do so with no authentication on that service. Many of the ways in the article are the ways that malware uses to subvert your relationship to your real DNS server.
John
there are a few root DNS servers located outside the US. The problem would be that the root servers would then be out of sink with each other. Not sure that it matters, maybe there is a way to keep a record around, but not send it to anything other than a root server.
All of the above was encrypted with a Quad ROT-13 method. Unauthorized decryption is in violation of the DMCA.
The goal is sufficient deterrence, or sometimes just evidence that you're engaging in behavior you know to be complicit in a crime.
Which it will completely fail to do. The pirate sites can get non-US domains or the people accessing them can easily route around the problem at their end.
It's just more knee-jerk bullcrap from technologically illiterate politicians which harms fundamental Internet infrastructure while it can't possibly achieve what they say they want to achieve. On the plus side, maybe it will help the push toward eliminating DNS in favor of a decentralised alternative which can't be censored.
"If anything, the list raises serious doubts that the PROTECT IP Act will even put a dent on copyright infringement online"
Let's be honest here... I doubt even the asshats who wrote the legislation thought it would do that. At best its real purpose is to create a mechanism the government can use to shut down websites.
=Smidge=
If you can prevent most people from doing it, you can then start issuing insane prison sentences/fines on those who do. Isolate and punish. No one is going to give jail time or excessive fines...(right? please?)...to the 14 year old who stumbled on Napster, but the computer geek who "bypasses DNS" using a dangerous hacker operating system called "linux": http://www.techdirt.com/articles/20090414/1837144515.shtml
In short, first you make sure only a tiny minority can sympathize with them, follow it up with character attacks, and BAMN: you can start sentencing people to a few decades in prison for a victim-less crime committed in their late teens.
Sure I'm being more than a little hyperbolic here, but the point is that the more steps you go to to bypass this sort of thing, the more you start to look like an unsympathetic, evil hacker to the nice gentlepersons on the jury...don't dismiss the value of making it harder for the average person to the censorship lobby's efforts.
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
They haven't voted it in yet. It's on hold in the Senate.
Write your congresscritters (one rep, two senators). Include Senator Wyden, who placed the hold on it. Good old fashioned snail-mail. They pay more attention to that than to emails or phone calls. In your own words, tell them why it's a bad law and should not be passed. Be polite. Then tell them that you'll be paying special attention to their votes on the bill. Follow through on that - write another letter if and when they vote.
I guess, in the USA at least, Innocent until proven guilty no longer applies. If Sony, the MPAA, RIAA, and the ass hats they happen to be sucking off this week decide your server might be guilty, Your business is basically toast. What, you don't have reserves to deal with a 6 month outage while you pay a bajillion in legal fees to prove your right? Too Frking bad. This is the new media world after all. They make the rules. Law and constitutionality have NOTHING to do with any of this.
"Computers are a lot like Air Conditioners" "They both work great until you start opening Windows"
And all this just for the sake of the likes of Justin Bieber and Shakira and Hollywood so they can profit for the crap they do.
If you want to fight censorship you have to go directly to your " "artists" " and ask them why they work for a MAFIAA thats trying to fuck our internet. An active, longlasting and noisy boycott targetted to the "artist" him/herself is all You need.
But no! lets all fiddle with proxies and Tor so we can have our tunez and have the mental-fap that we 0wned the censorz and we can has "teh 1337est freedom"
Engineers think in solutions for engineers.. this is a problem that have root in society and how they consume media. Here we have 8 solutions the don't solve the inherent problem that is: Media industry have failed (You know it, they know it) and it's going down fucking everything in the way, because they can.
They are testing the waters and those 8 "solutions" are what they want to see, not the general public realization of the absurdity this is.
Am I incorrect when I say that the root DNS servers are controlled by the US and all other servers are programmed to follow them?
The DNS system is a tree like hierarchy. The root servers only have the IP addresses of the next level, which is the .com, .org, .net and all the .[country code] (.uk, .dk, .se, etc).
It would not be possible to block illegalsite.dk using the root servers. You need the .dk servers to do that. The root servers could take the whole of .dk offline but that would be a major international crisis. Nobody wants that.
Now it is just as easy to get a court order in Denmark to block anything on a .dk domain. It is probably easier. But apparently the american lawyers are lazy and want to use the USA courts.
One can wonder however how it was that thepiratebay.org got blocked in Denmark. But not in the USA where they could simply turn off the domain since it is a .org.
Honestly, all the "censorship" talk about copyright makes me imagine a spamlord complaining that he's being censored because he can't get his mass mailings out to everybody.
"But if thought corrupts language, language can also corrupt thought."
--- George Orwell (1984)
Two thoughts:
1. There is an immediate First amendment freedom of speech issue here, as speech will be silenced without due process. The abrogation of the right to speech is inherent in the abrogation of the ability to be heard in a public forum. If you tear gas the audience of the guy on the soapbox, you are still stifling speech. This silences speech, without any legal determination whether the speech is protected. Historical evidence has shown that laws of this sort will be abused to silence appropriate and protected speech. It will not fail to do this, because there is no process in place other than the will to power. We can bank on that. This aspect of the law should be struck down on basic Constitutional grounds (and it will be severable so it won't affect the rest of it, unfortunately.)
2. We are on our way to the Great Firewall. This is the exact same thing China does to websites that it thinks are against political interests. It's just that our political interests are based in the distorted idea that we can build an economy on censorship and artificial scarcity of information, in an age of unprecedented freedom and speed of communication which enabled that dream in the first place! It's a circular firing squad we're setting up here. We are on the wrong side of history if we let this pass or remain unchallenged. We are just absolutely brain-dead to shoot the nascent information economy in the face with the uncertainties this process will cause.
This provision is a myopic, special interest concern that fails to see that you can't have the good without some measure of bad. We should take the good and mitigate the bad. This is disrupting the whole damned thing, like a player who "wins" a chess game by throwing the board into the air. Write your congressperson a letter on letterhead. Call them. Visit them. March on Washington, if you are able.
For God's sake, we cannot let them do this. We're going for a triple-dip recession if we do.
If the ONLY content on a particular website is copyrighted works being given away (distributed) without license and you can prove that the website/domain name will never ever ever be used for anything else, then you can claim that blocking said website/domain is not equal to censorship. Otherwise you should send the owner notice of violation and take them to court.
A fool throws a stone into a well and a thousand sages can not remove it.
. Idiot proof. So while we may read about 8 ways to bypass, I question how many people or incapable of using these ways and, if this DNS block won't actually reduce the usage substantially.
They won't need to understand the methods, they'll be built into the next generation of download software.
Does anyone knows if there is already someone working on an internet made by citizens? e. g. , wireless routers in homes linked to each other, on a city scale at least!
In typical fashion, the technical elite focus primarily on the technical solutions. That is not how this war will be won. This time the enemy is trying approach X, which is sloppy and inept, and you have 8 different technical solutions with which to counter it. So you chalk it up as a victory for the geeks or even as an important improvement to the system.
This clumsy assault which you've thwarted with your technical prowess, and all of its sibling assaults in this diversionary and dissipative battle, are not the war however. They know they can't win the technical battle, so of course they will not even set foot on the field. They will say "We tried to build a secure network, but we've been continuously thwarted in our every attempt. Now we need to go after these [insert scary moniker]." The next phase will be increased and targeted criminalization. This phase is the building of the case in support of the draconian laws that are to come. It's difficult to take away people's freedoms for no reason. It's easy to convince people to give them up voluntarily in exchange for security. Especially for security from mysterious threats involving forces that they do not understand (eg. technology). By feigning technical restriction, they are drawing you out so that you might build the case against you yourselves. It's classic battlefield tactics--use your enemy's strength against them.
This war can only be won by defeating the enemy's ability to create legislation against freedom. Since it is the public's ignorance that will make this possible, the battleground of education is where this contest will be decided. Unfortunately, that particular topic is deep behind enemy lines and well nigh unassailable.
I didn't read any of this as an attempt to equate copyright enforcement with censorship. The problem is that the government will have the authority and the means to shut down entire websites simply because someone complains that a copyright has been enfringed. That is, there is no requirement (or even mechanism) for judicial review before an entire site is muzzled. That opens the door to Censorship with a capital-C.
Of the approximately 600 members of Dreamboard, only 72 were charged, and twenty of them as John Does. According to the Twitched Indictment, Dreamboard gave advice to its members as to which encryption to use, but obviously the Feds aren't shouting from the rooftops about which security protocols they weren't able to break and/or circumvent...
So we've got to manage infrastructure in a way that's counter to it's purpose. They propose this already knowing the workarounds and that it's technically not a feasible solution for anything, and yet they want it to go through anyway.
Laws shouldn't be there to force third parties to operate in an inefficient or insecure manner. Laws are supposed to be to punish the guilty party, or get restitution for the wronged party. Yes, there are criminal laws that say "don't do this." Don't speed, or don't murder would be examples of those. But I'm having trouble remembering a law that required a 3rd party to censor things at someones request.
If libraries weren't dying as an instituion I'm sure the most obvious similarity would be a librarian being asked to pull books and hide them in the back room because they weren't allowed to show them to the public anymore. I find it interesting that people in America are scared to go to certain websites or look at some of these leaked documents online because it might be illegal or might be used against them. Not only have we bowed down to censorship, we're running scared that someone will find out we aren't so pure and innocent.
People even here are asking "will it be legal to circumvent this?" when the true question should be "why is censorship suddenly a part of the US federal governments mandate?"
The countermeasures look like they've been written by a script-kiddie. They are not 100% effective. Everybody has been concentrating on DNS servers. Guess what...
1) There are already some greedy asshat ISPs intercepting port 53 and replacing results with their own. Right now, they get a lot of complaints when they're caught. But if the government orders it, all ISPs will have to do it.That'll stop *ALL* regular DNS queries to foreign servers (including roots), unless you VPN, or ssh-tunnel, or use non-standard ports.
2) "Undesirable sites" can be null-routed. Remember when Pakistan accidentally knocked Youtube off the net for the entire planet? http://slashdot.org/story/08/02/25/1322252/Pakistan-YouTube-Block-Breaks-the-World Even knowing the correct IP address doesn't work then. Only VPN or ssh-tunneling will get you the content if the IP address itself is blocked. Of course if the US managed to knock foreign "infringing" servers off the net, the MAFIAA wouldn't exactly cry about it.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
6. Using Command Prompt Quick Explanation: In Windows at least, one can simply open up command prompt (explained in tutorial) and simply type in “ping [insert domain name here]” and obtain a server IP address for later use.
The guy is a fucking cretin.
How do he think PING finds the address? It looks it up using the default DNS.
Sigs. We don't need no steenking sigs.
They're already being used against our freedom.
That's the whole point of the law.
All it takes under Protect IP is an accusation.
If you run a website, you can be filtered with little recourse, and be forced to prove your innocence. Might not sound like much, but let me ask you this: how many sites these days use images they found on Google? Thousands, tens of thousands? Every single one of those sites could potentially have a complaint filed, and be labeled as a "pirate" site without the business owner even knowing what happened.
It's unfair.
It stifles speech, and it can easily be used by competitors to hurt the free market.
There's more than just pirated movies here.
This signature has Super Cow Powers
People have to be somewhat computer savy to use the work-arounds mentioned here. While people who read slashdot could easily circumvent these DNS restrictions, the typical Internet user would struggle to do so. This kind of law would put a dent in the piracy, but it would not stop it. Any computer-savy pirate could circumvent the laws, but not everyone could.
I thought there were going to be some legit solutions in TFA but... So here are a few that will actually work.
1) Create a DNSSec DNS service that runs over an "unblockable" encrypted protocol. For example, DNS over HTTPS. Blocking HTTPS traffic would fuck the people pushing this legislation in addition to banks, online shops, online services, etc...
2) Build a completely open wireless network using participation, pwnd phones, pwnd wireless, radio packet technologies, even pidgeons.
3) Revolt. None of this "vote them out of office" bullshit. If your congresscritter votes for this type of legislation go to their house, drag them into the street, beat them to death with a stick. I guarantee the next one will vote against it. If not. rinse. repeat.
Having to work for a living is the root of all evil.